Tadle
Tadle
DeFi
30,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Incorrect Amount Update in `createOffer` Function

brene

Summary

In the createOffer function, the amount field in the stockInfoMap is updated to params.amount. This can lead to inconsistencies as params.amount represents the amount the user wants to buy or sell, not necessarily the amount of stock.

Vulnerability Details

The amount field in the stockInfoMap is set to params.amount, which represents the amount the user wants to buy or sell.

/// @dev update stock info
stockInfoMap[stockAddr] = StockInfo({
id: offerId,
stockStatus: StockStatus.Initialized,
stockType: params.offerType == OfferType.Ask
? StockType.Bid
: StockType.Ask,
authority: _msgSender(),
maker: makerAddr,
preOffer: address(0x0),
offer: offerAddr,
points: params.points,
>> amount: params.amount
});

Impact

The amount field in the stockInfoMap may not accurately reflect the actual stock amount, leading to potential mismatches and errors in subsequent operations. Incorrect stock amounts can result in failed or incorrect trades, affecting the integrity of the marketplace.

Tools Used

Manual Review

Recommendations

Ensure that the amount field in the stockInfoMap accurately reflects the actual stock amount.

/// @dev update stock info
stockInfoMap[stockAddr] = StockInfo({
id: offerId,
stockStatus: StockStatus.Initialized,
stockType: params.offerType == OfferType.Ask
? StockType.Bid
: StockType.Ask,
authority: _msgSender(),
maker: makerAddr,
preOffer: address(0x0),
offer: offerAddr,
points: params.points,
- amount: params.amount
+ amount: transferAmount
});
Updates

Lead Judging Commences

0xnevi Lead Judge
10 months ago
0xnevi Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.